Ransomware has long been the scourge of the cybersecurity industry. When that extortionate hacking goes beyond encrypting files to fully paralyze computers across a company, it represents not just a mere shakedown, but a crippling disruption. Now a nasty new breed of ransomware known as LockerGoga is inflicting that paralysis on industrial firms whose computers control actual physical equipment, and it’s enough to deeply spook security researchers.

Since the beginning of the year, LockerGoga has hit a series of industrial and manufacturing firms with apparently catastrophic consequences: After an initial infection at the French engineering consulting firm Altran, LockerGoga last week slammed Norwegian aluminum manufacturer Norsk Hydro, forcing some of the company’s aluminum plants to switch to manual operations. Two more manufacturing companies, Hexion and Momentive, have been hit by LockerGoga—in Momentive’s case leading to a “global IT outage,” according to a report Friday by Motherboard. And incident responders at security firm FireEye tell WIRED they’ve dealt with multiple LockerGoga attacks on other industrial and manufacturing targets they declined to name, which would put the total number of victims in that sector at five or more.

Security researchers also say that the most recently discovered strain of the malware is particularly disruptive, shutting down computers entirely, locking out their users, and rendering it difficult for victims to even pay the ransom. The result is a dangerous combination: reckless hacking that targets a set of companies that are highly incentivized to quickly pay the ransom, but also ones where a cyberattack could wind up physically harming equipment or even a factory’s staff. Read more: